Mac OS X: "safer, but less secure" - Update

coredump

[size=0.85em]

                               
登录/注册后可看大图

Security expert Charlie Miller intends to disclose a potentially record-breaking 20 zero day security holes in Apple's Mac OS X in one fell swoop. The details are to be revealed in his presentation at the Canadian CanSecWest security conference next week. Miller, who is already known for havingdiscovered a number of bugs in Mac OS X, talked with heise Security, The H's German associates, about his new findings and about the security of Apple's operating system beforehand.
[size=0.85em]The approximately 20 zero-day holes are contained in closed source Apple products, said Miller. "OS X has a large attack surface consisting of open source components (i.e. webkit, libz, etc), closed source 3rd party components (Flash), and closed source Apple components (Preview, mdnsresponder, etc). Bugs in any of these types of components can lead to remote compromise", he emphasised.
[size=0.85em]Miller discovered the new vulnerabilities by fuzzing, a process which involves bombarding an application's input channels with as much corrupted data as possible. His presentation is subtitled: "An analysis of fuzzing 4 products with 5 lines of Python". The expert explained: "The talk is about what you really find when you fuzz and it tries to draw conclusions about what to expect in the future when you fuzz a mature product." Parts of the presentation apparently consist of statistics, for instance, about which percentage of flaws causes crashes, and which percentage can be exploited remotely.
[size=0.85em]In cracking competitions, it is regularly the Apple systems which are cracked first by attackers. Miller has argued for some time that Mac OS X is among the comparatively insecure operating systems. Apple users are currently "safer, but less secure", he said. While malware authors don't concern themselves with the relatively small number of Apple users, Miller said, the size of the market share is no longer a valid argument in targeted attacks such as operation Aurora: "Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town."
[size=0.85em]In Miller's experience, Apple's position in terms of security continues to be quite relaxed: "They sell lots of computers and nobody doesn't buy Apple computers because of a perceived lack of security. So in their minds, they don't have a security problem until it affects their bottom line, which hasn't been the case, yet", said the expert.
[size=0.85em]Update: Miller has clarified that he does not intend to reveal the details of the twenty vulnerabilities at CanSecWest, but will show only how he found them.
[size=0.85em]See also:

• Pwn2Own 2010: $100,000 for browser & mobile phone exploits, a report from The H.
• Fuzzy ways of finding flaws, a feature from The H

coredump

查理（Charlie Miller）又来了！这回他一次带了 20 个 Mac OS X 的漏洞来跟大家见面。

这位知名的 OS X 系统安全专家在 CanSecWest 上，一口气公开了 20 个可能让苹果遭受零时差攻击（zero day attack）的安全漏洞，这个数字甚至可能还被低估了。

根据 Miller 的调查，OS X 当中的一票开放原始码（open source ）组件，以及第三方、苹果官方软件的封闭原始码（closed source）组件等，整个形成了一个让黑客很舒服的攻击表面。（简单说就是太多漏洞 ...）

一旦有心人士掌握了这些漏洞，就可以进行一些远程突破、操作个人电脑的不当行为；在他眼中看来，Mac OS X 就像是一个位在乡间小路、没上锁的农舍，而 Windows 则是一间在治安极差的都市中，大门深锁的房子。

Tux

用户多了，安全性自然就不如以前了。因为关注它的人多了

pinkladypig

岂不是以后MAC也必须安装杀毒软件?

yuba

躲在路由器后面，没事儿的